Keith Owens wrote:
>
> Anything sleeping loses the lock. Any sleep in module open code primes
> the race, if the module_exit code also sleeps the race is triggered.
You're a hard man, Mr Owens.

So sys_delete_module() isn't allowed to sleep. It's hard to make this
rule future-safe.

Do you think that the concept of grabbing the entire machine during
module unload is an acceptable one? I think it is, because the act of
actually unloading kernel text is so unique and traumatic.

If so then it shouldn't be too hard to find a way. You have shown why
we can't use the big lock, but we could create a new one for this
purpose. The challenge is to find a place to put it. A code path which
is regularly traversed in toplevel context and has an upper bound on the
revisit period.

Such as schedule() (we'd get shot..).

sys_delete_module()
{
	...
	spin_lock(&module_deletion_lock);
	blocked_cpus = 1 << smp_processor_id();
	/* spin until every CPU has marked itself as parked */
	while (blocked_cpus != ((1 << smp_num_cpus) - 1))
		;
	{
		/*
		 * I think the only code which needs to go in
		 * here is the call to vfree(module).
		 */
	}
	spin_unlock(&module_deletion_lock);
	...
}

schedule()
{
	...
	if (spin_is_locked(&module_deletion_lock))
		wait_while_unloading();
}

wait_while_unloading()
{
	/* mark this CPU as parked, then spin until the unload is done */
	set_bit(smp_processor_id(), &blocked_cpus);
	while (spin_is_locked(&module_deletion_lock))
		;
}
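
The rendezvous sketched in the message above, modelled in user space as an added example (not code from the original message or from the kernel). Assumptions: pthreads stand in for CPUs, an atomic flag named unloading stands in for module_deletion_lock, and NCPUS, in_module and simulate_unload() are hypothetical names. It counts how many simulated CPUs are still inside "module text" while the unloader is in the window where vfree(module) would run.

```c
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>

#define NCPUS 4                      /* assumed: simulated CPUs, CPU 0 unloads */
#define ALL_CPUS ((1u << NCPUS) - 1)

static atomic_int unloading;         /* stands in for module_deletion_lock */
static atomic_uint blocked_cpus;     /* bit n set: CPU n is parked */
static atomic_int stop;
static atomic_int in_module[NCPUS];  /* 1 while CPU n runs "module text" */

static void wait_while_unloading(int cpu)
{
    atomic_fetch_or(&blocked_cpus, 1u << cpu);  /* atomic OR keeps other bits */
    while (atomic_load(&unloading))
        sched_yield();
}

static void *cpu_loop(void *arg)
{
    int cpu = (int)(long)arg;
    while (!atomic_load(&stop)) {
        atomic_store(&in_module[cpu], 1);   /* call into the module */
        atomic_store(&in_module[cpu], 0);   /* and return from it */
        if (atomic_load(&unloading))        /* the check in schedule() */
            wait_while_unloading(cpu);
    }
    return NULL;
}

/* Returns how many CPUs were inside module text during the "vfree" window. */
int simulate_unload(void)
{
    pthread_t t[NCPUS];
    int caught = 0;
    for (long i = 1; i < NCPUS; i++)
        pthread_create(&t[i], NULL, cpu_loop, (void *)i);
    atomic_store(&unloading, 1);
    atomic_fetch_or(&blocked_cpus, 1u);     /* the unloading CPU itself */
    while (atomic_load(&blocked_cpus) != ALL_CPUS)
        sched_yield();                      /* wait for every CPU to park */
    for (int i = 1; i < NCPUS; i++)         /* vfree(module) would go here */
        caught += atomic_load(&in_module[i]);
    atomic_store(&stop, 1);
    atomic_store(&unloading, 0);            /* release the parked CPUs */
    for (int i = 1; i < NCPUS; i++)
        pthread_join(t[i], NULL);
    return caught;
}
int main(void) { return simulate_unload(); }
```

The model holds only because each simulated CPU checks the flag at a point where it is outside module text, which is the property the message asks of the real check site.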